mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00

Add ede for zone with rpz cname override policy

When the zone is configured with a CNAME override policy, also add the
configured EDE code.

When the zone contains a wildcard CNAME, also add the configured
EDE code.
Matthijs Mekking
2025-07-25 15:20:37 +02:00
parent 4ef00f97d6
commit 2f70a0ef12


@@ -145,13 +145,13 @@
#define QUERY_STALETIMEOUT(q) (((q)->dboptions & DNS_DBFIND_STALETIMEOUT) != 0) #define QUERY_STALETIMEOUT(q) (((q)->dboptions & DNS_DBFIND_STALETIMEOUT) != 0)
/*% Does the rdataset 'r' have an attached 'No QNAME Proof'? */ /*% Does the rdataset 'r' have an attached 'No QNAME Proof'? */
#define NOQNAME(r) (((r)->attributes.noqname)) #define NOQNAME(r) ((r)->attributes.noqname)
/*% Does the rdataset 'r' contain a stale answer? */ /*% Does the rdataset 'r' contain a stale answer? */
#define STALE(r) (((r)->attributes.stale)) #define STALE(r) ((r)->attributes.stale)
/*% Does the rdataset 'r' is stale and within stale-refresh-time? */ /*% Does the rdataset 'r' is stale and within stale-refresh-time? */
#define STALE_WINDOW(r) (((r)->attributes.stale_window)) #define STALE_WINDOW(r) ((r)->attributes.stale_window)
#ifdef WANT_QUERYTRACE #ifdef WANT_QUERYTRACE
static void static void
@@ -6972,6 +6972,16 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
return ISC_R_SUCCESS; return ISC_R_SUCCESS;
} }
static void
query_rpz_add_ede(query_ctx_t *qctx) {
if (qctx->rpz_st->m.rpz->ede != 0 &&
qctx->rpz_st->m.rpz->ede != UINT16_MAX)
{
dns_ede_add(&qctx->client->edectx, qctx->rpz_st->m.rpz->ede,
NULL);
}
}
/*% /*%
* Do any RPZ rewriting that may be needed for this query. * Do any RPZ rewriting that may be needed for this query.
*/ */
@@ -7124,6 +7134,8 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
result = dns_rdata_tostruct(&rdata, &cname, NULL); result = dns_rdata_tostruct(&rdata, &cname, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(result == ISC_R_SUCCESS);
dns_rdata_reset(&rdata); dns_rdata_reset(&rdata);
query_rpz_add_ede(qctx);
result = query_rpzcname(qctx, &cname.cname); result = query_rpzcname(qctx, &cname.cname);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
return ISC_R_COMPLETE; return ISC_R_COMPLETE;
@@ -7137,6 +7149,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
* Add overriding CNAME from a named.conf * Add overriding CNAME from a named.conf
* response-policy statement * response-policy statement
*/ */
query_rpz_add_ede(qctx);
result = query_rpzcname(qctx, result = query_rpzcname(qctx,
&qctx->rpz_st->m.rpz->cname); &qctx->rpz_st->m.rpz->cname);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
@@ -7149,12 +7162,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
UNREACHABLE(); UNREACHABLE();
} }
if (qctx->rpz_st->m.rpz->ede != 0 && query_rpz_add_ede(qctx);
qctx->rpz_st->m.rpz->ede != UINT16_MAX)
{
dns_ede_add(&qctx->client->edectx,
qctx->rpz_st->m.rpz->ede, NULL);
}
/* /*
* Turn off DNSSEC because the results of a * Turn off DNSSEC because the results of a
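Review bot: In both CNAME paths of query_checkrpz, `query_rpz_add_ede(qctx);` runs before `query_rpzcname()` and its result check, so when `query_rpzcname()` fails and the function returns ISC_R_COMPLETE the configured EDE is already recorded in `qctx->client->edectx` although no rewrite was applied. If the failure response is built from that context (not visible here), it would carry a policy EDE for an answer the policy did not produce; placing the call right after the `if (result != ISC_R_SUCCESS)` check would tie the EDE to a successful rewrite. The new helper also has no comment explaining the two excluded values; something like `/* Add the zone's configured EDE code, if any; 0 and UINT16_MAX are skipped as "not set" (confirm). */` would help, with the sentinel meaning confirmed against the RPZ configuration code since it is only inferred from the check. query_checkrpz's body starts and ends outside the hunks shown.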